Syrian Electronic Army 'Hack' Of The NYTimes Was The Exact Remedy MPAA Demanded With SOPA

from the and-it-was-a-joke dept

There were many, many concerns related to SOPA and PIPA when they were proposed, but the absolute biggest was the use of DNS blocking as a "remedy" against sites where it was alleged that infringement was a primary purpose. Of course, as tons of technology experts points out, any form of DNS filtering or redirecting would be a security nightmare and would do almost nothing to actually stop infringement.

As you may have heard, this week the Syrian Electronic Army was effectively able to "take down" nytimes.com by engaging in a bit of DNS hacking, which was really nothing more than a DNS redirect. As Rob Pegoraro points out, this is the same basic remedy that the MPAA wanted so badly with SOPA. In fact, during the negotiations over SOPA (after it became clear that its companion bill in the Senate, PIPA, was stalled over the DNS blocking issue), this was the issue the MPAA refused to budge over: DNS blocking/redirects needed to be in SOPA. As Pegoraro writes, if SOPA had become law, we likely would have seen the law abused to take down sites just as the Syrian Electronic Army took down nytimes.com:

2011's Stop Online Piracy Act would have let copyright holders require Internet providers to use DNS redirection to block access to allegedly infringing sites. That authority would inevitably have been abused in social-engineering exploits--and we'd likely see a lot more outages like the NYT's.

At the same time, Ali Sternburg, over at the Disruptive Competition Project points out that this also shows just how laughably ineffective DNS blocking/redirecting would have been in SOPA (despite the MPAA's insistence that it was necessary), because it's so easy to get around and many, many people did. It may have been an inconvenience, but it was hardly the game changer the MPAA predicted.

If this sounds familiar to you, perhaps it’s because Domain Name System (DNS) blocking was part of the original draft of SOPA. DNS blocking was suggested as a remedy to take entire allegedly infringing foreign websites down, but yesterday demonstrated that people can still navigate to sites through their IP address, even when domain name servers are offline. This is consistent with a major critique of the DNS blocking during the SOPA debate: that it wouldn’t even work. Some SOPA supporters had argued in response that “it would be a mistake to assume, as some of these network engineers have, that the average Internet user has the above-average technical skills necessary to do this.” But yet, people did yesterday.* If people want to access a website, they can figure it out pretty fast, and without needing any significant technological skills.

So it's somewhat ineffective for blocking (though, very effective for drawing much more attention to what you want blocked). It was a dumb idea by the technologically illiterate folks at the MPAA to suggest a form of DNS hacking as any kind of remedy to copyright infringement, and the NY Times redirect hack just made that even clearer.

The attack was mitigated by other means as well

A number of network engineers blunted the attack by having their resolvers return correct information, thus effectively rendering it null against anybody who was using those resolvers.

In English: you are a customer of Fred's ISP, which you are connected via dialup/DSL/cable/fiber/whatever. When you make that connection, your modem/router is assigned an IP address by Fred and now you are on the Internet. Yay! You're also assigned a bunch of other things (like a default route) including DNS servers. Thus when you attempt to connect to http://example.com, your system emits a query for the IP address of example.com and that query is directed at the DNS servers that Fred told you to use. (This is presuming you didn't override all these things...which you probably didn't.)

So if Fred's operators notice that the SEA has done something evil to the DNS records for example.com, they can trump that by ordering their DNS servers -- the ones you're using -- to return something else...like the correct DNS records.

This is not the sort of thing Fred's people want to do every day, and they're not going to do it for piddly little sites that nobody visits anyway...but replace "Fred" with "Verizon" and "example.com" with "The New York Times" and yeah...they just might. And in some cases: they did.

Re:

the difference would be that the entertainment industries wouldn't give a toss who else or which other else sites were affected as long as they got what they wanted. it's exactly the same with the supposed win against Hotfile. they haven't even considered, let alone worried about all the side effects this ruling will have, if it stands, on every other 2nd and 3rd person liability. as long as they think they are stopping their stuff from being had, it's got to be good! it's got to be working right, right? if Obama wanted to do one thing to get the US economy going, he ought to stop what these industries are getting away with, stop helping them above all else and tell them to start doing what every other business has to do, COMPETE!! you'd be surprised how much money can change hands when a customer can get what he's looking for without having the piss took out of him over the price!!

As you strain here to be topical besides somehow -- sheesh! -- link to MPAA and SOPA, I bring in a similar enough given your wacky S-T-R-E-T-C-H subversive role that Google and its executives played in the "Arab Spring". That article lays out long-term connections with WH and State Dept, not just a website hack.

First you claim: As you may have heard, this week the Syrian Electronic Army was effectively able to "take down" nytimes.com by engaging in a bit of DNS hacking, which was really nothing more than a DNS redirect.

And then you say: At the same time, Ali Sternburg, over at the Disruptive Competition Project points out that this also shows just how laughably ineffective DNS blocking/redirecting would have been in SOPA (despite the MPAA's insistence that it was necessary), because it's so easy to get around and many, many people did.

So which is it? The Syrians can "effectively take down nytimes.com" but if used as part of SOPA it'd have been "laughingly ineffective? "

Re:

So which is it? The Syrians can "effectively take down nytimes.com" but if used as part of SOPA it'd have been "laughingly ineffective? "

You are bad at reading comprehension. Note that I did not say that they took down "The NY Times." I said they took down nytimes.com -- the specific URL. That's true. But, as Sternburg pointed out, this was useless, because it didn't take down the content, nor make it difficult to reach.

They took down the URL, but not the content. Basically exactly what your preferred solution would have been.

Re:

As you may have heard, this week the Syrian Electronic Army was effectively able to "take down" nytimes.com by engaging in a bit of DNS hacking, which was really nothing more than a DNS redirect

Notice that quotes around "take down". This is an indication that the term within them does not accurately reflect what actually happened. They are just like people using air quotes when they talk about you being intelligent or well read.

At the same time, Ali Sternburg, over at the Disruptive Competition Project points out that this also shows just how laughably ineffective DNS blocking/redirecting would have been in SOPA

It can be pointed to as an example as to how ineffective DNS redirects would have been because people were still able to get to the website by easily typing in the IP address into their web browser. Lots of average-intelligence internet users managed to take on this complex task of typing numbers and easily defeated the blocade.

Re: Re:

Funny, the NY Times (as reported on can.com) said:

The newspaper posted a message on its Facebook page about 5 p.m. ET that said, "Many users are having difficulty accessing The New York Times online. We are working to fix the problem. Our initial assessment is the outage is most likely the result of a malicious external attack."

So nytimes.com claim many users had difficulty accessing content. But I guess we should believe you instead because you just know these things, right?

Re:

And of course, as Masnick warned during SOPA, the Internet is now broken because of this DNS blocking that just occurred.

Oh wait, no it isn't.

Because slimy Mike Masnick and the turds that employ him over at Greedle were LYING to people.

Hahahahahahahaha, nice of you to point that out. On another humorous note; the douchenozzles over at Demand Progress have resurrected the Justin Bieber in prison campaign over streaming. Seriously Masnick, the only you're missing are the slap shoes, bulb nose and tiny little car.

Re: Re: Re:

The given solution to access nytimes.com when you can't rely on DNS is to type in a string of numbers. A very simple and easy solution. But only if you know about it, or know exactly what to ask or who to ask.
The average web surfer when trying to access nytimes.com wouldn't have known even the slightest thing about DNS or the fact that the solution was incredibly simple. He would have just said to himself "Site is down, somebody hacked it, them geeks at the Times have to do some computer shit to fix it, there's nothing I can do myself to get at the site".

Re: Re: Re:

"So nytimes.com claim many users had difficulty accessing content. But I guess we should believe you instead because you just know these things, right?"

So the NYT says "many users had difficulty accessing content" and Mike says "this also shows just how laughably ineffective DNS blocking/redirecting would have been in SOPA... because it's so easy to get around and many, many people did." These two statement are NOT in conflict with each other. Both can be (and most probably are) completely correct.

Just for the sake of historical accuracy, re-directing was removed from the SOPA bill during the amendment process. To respond with "but it was there originally" would be literally true, but would be misleading in that if SOPA had passed it would have done so without a re-direct provision.

Re: Re: Re: Re: Re: Re: Re:

It was Google through Marvin Ammori, their DC hired gun. He personally wrote on the order of 50 of the 75 amendments offered at the SOPA markup. Mostly redundant and all calculated to bog the process down and allow momentum to build. It was nicely played, but only Holocaust and global warming deniers maintain that Google didn't have its greasy fingerprints all over that.

Re: Re: Re: Re: Re: Re: Re: Re:

Mmmhmm... Sure, blame google. I'm sure that it makes you feel better at night thinking that it had to be evil Google's fault that SOPA failed and not the fact that there were millions of phone calls to Congress.

Re:

There was still the fact that you would get hit with a felony for streaming/posting stuff that was under copyright.

Seriously, stop and think about that for a moment...

Posting a copy of something online had the potential to hit you with the same kind of punishment that someone who runs people over with cars, murders, rapes, steals thousands of dollars from a bank, certain animal abuses...

I call bullshit on the argument that normal people don't know how to type in a numeric IP address.

You learn how to do the things you want to do. Years ago, people had simpler programs for email and social networking. Now you just ask a friend or Google what you don't know. If routing around DNS blocking became widely necessary, very user friendly redirects to numeric IP addresses would pop up overnight.

Re: Re:

even though this proves exactly how bad SOPA was, the MPAA and obviously the rest of the entertainment industries have now managed to get 2nd and 3rd person liability brought into their equation. the results of this can and probably will be catastrophic! the judge that arrived at this conclusion must be a fucking moron or well payed by the industries! the door is now open for all sorts of mischief to happen!

Re:

Actually, everything that has happened since SOPA is SOPA+. Six strikes, ad network and payment processing cooperation without the need for judicial review, search engine demotion, secondary liability for file lockers. In total, it is much further reaching than SOPA. Who needs SOPA?

Re: Re:

There was still the fact that you would get hit with a felony for streaming/posting stuff that was under copyright.

Seriously, stop and think about that for a moment...

Posting a copy of something online had the potential to hit you with the same kind of punishment that someone who runs people over with cars, murders, rapes, steals thousands of dollars from a bank, certain animal abuses...

So, in what kind of world does THAT make any sense?

All it does is elevate the penalties for illegal streaming to that of illegal downloading with the same thresholds. And it was not part of SOPA, it was a bill introduced by Klobachar.

Re:

Yeah the funniest part (that you obviously understood but cherry-picked a couple of statements out of context)is that the initial point is true. It would break the internet... if it was systemic and not a hack.

Think about this... all of the "official" DNS servers are managed according to SOPA... what happens next is that the "hackers" or people intent on providing a free and open internet setup their own DNS servers and voila! no more DNS direct by the powers that be... Now imagine 100 or 1000 world-wide organizations all with their own DNS servers all having different IPs for a given domain or domains.

Re: Re: Re: Re:

Obviously you are slow. I answered the question. The bill, (still not part of SOPA) brought illegal streaming penalties to the same as those for illegal downloading. That makes sense. And neither the streaming nor downloading penalties apply to anyone other than those doing it for commercial gain. It would not apply to silverscarcat streaming the latest episode of "Big Bang Theory" in his Mom's basement. But it would apply to the crook seeking to unlawfully enrich himself on the creative output of another to which he is not entitled. If you can't understand that, you should ask your Special Ed. teacher for a more in-depth explanation using smaller words.

Re: Re: Re: Re: Re: Re: Re: Re:

None of which has anything to do with the popular revolt against SOPA -- which Google did not start and tried to avoid getting involved with until they realized it would have been a PR disaster if they didn't.

yes, Google did want SOPA modified to benefit them (Google is far from an angel), but they had no interest in scuttling it altogether.

Re: Re: Re: Re: Re:

All it does is elevate the penalties for illegal streaming to that of illegal downloading with the same thresholds.

I believe the SSC's point is that it's pretty ridiculous that the "same thresholds" you mention mean that it's worse to commit copyright infringement than to commit robbery, rape, or murder. It seems like a point well taken.

If you can't understand that

The problem with that is that it's very, very difficult to tell what's "commercial" and what isn't. The industry's perspective is if there's an ad on the page, it's commercial. By that definition, almost everything anybody does on the internet is "commercial".

The distinction is a smoke screen, used to try to imply that ordinary users wouldn't be affected when clearly almost all of them would be.

Re:

Just for the sake of historical accuracy, re-directing was removed from the SOPA bill during the amendment process.

This is false. The manager's amendment made some changes, but DNS issues remained. The "change" was that it no longer mentioned DNS specifically, but set it up such that the only way to really comply with the law would have been through DNS redirect.

This was the language in the manager's amendment:

A service provider shall take such measures as it determines to be the least burdensome, technically feasible, and reasonable means designed to prevent access by its subscribers located within the United States to the foreign infringing site that is subject to the order. Such actions shall be taken as expeditiously as possible.

To respond with "but it was there originally" would be literally true, but would be misleading in that if SOPA had passed it would have done so without a re-direct provision.

Also false. As a last gasp effort, Senator Leahy promised to change PIPA to say that DNS issues wouldn't have be implemented right away, but only after a "study." The text of said language was never publicly introduced. Rep. Smith later made a vague promise to do something similar with SOPA, but never released any text.

But, until the end, SOPA had a requirement for blocking on the part of ISPs, and the style of blocking was almost certainly limited to DNS blocking.

Link between MPAA and the so-called Syrian Electronic Army?

One wonders what the link is between the so-called Syrian Electronic Army and the MPAA...

It seems "convenient" that this was an attack orchestrated in response to some possible military activity by the US Government against Syria... It seems much more likely that it was an attack orchestrated by the MPAA and its co-conspiritors behind SOPA hiding behind a "front page name" organization.

Re: to Michael, Aug 29th, 2013 @ 12:57pm

Re: Google Hails Age of Cyber War & Digital Revolution

That article lays out long-term connections with WH and State Dept, not just a website hack.

Ha. If anyone actually has doubts about whether Truthstream Media is a loony conspiracy site, just read the other articles. Like this one:

Herein, the masterful decoder Vigilant Citizen breaks down the most occultic part of Kubrick’s final masterpiece – and one that many believe got him killed – an obvious, but important nod to the secret rituals of the elite powerbrokers who rule our world.

Chicken Little

The bottom line is that the primary criticism of the DNS blocking provision of SOPA is that it would "break the Internet." But now DNS blocking is "laughably ineffective" and "easy to get around." At worst, as you put it, it's an "inconvenience." SOPA was never going to cause the Internet sky to fall and everyone knew it.

Re: Chicken Little

The bottom line is that the primary criticism of the DNS blocking provision of SOPA is that it would "break the Internet." But now DNS blocking is "laughably ineffective" and "easy to get around." At worst, as you put it, it's an "inconvenience." SOPA was never going to cause the Internet sky to fall and everyone knew it.

I think you misunderstand the issues -- either due to technological ignorance or willful misrepresentation. The fact that DNS blocking is easy to get around has nothing to do with the fact that forced DNS filtering would, in fact, break key aspects of the internet. No one claimed it would *shut down* the internet, but rather that it would make certain important parts of the internet, including certain forms of security (like DNSSEC) impossible to work properly.

So, yes, both statements are true. Forced redirects would break key components of the internet, and it would do so in a manner that would be highly ineffective in stopping what SOPA supporters wanted to stop. The main problem is that while it would be totally ineffective in stopping piracy, the things it would break *would* be hard to replace. So you'd damage internet security, without slowing piracy.